attack arXiv Jan 29, 2026
Javier Carnerero-Cano, Luis Muñoz-González, Phillippa Spencer et al. · IBM Research Europe · Imperial College London +3 more
Stealthy bilevel-optimization poisoning attacks bypass regression defenses; BayesClean uses Bayesian uncertainty to detect them
Data Poisoning Attack tabular
Regression models are widely used in industrial processes, engineering and in natural and physical sciences, yet their robustness to poisoning has received less attention. When it has, studies often assume unrealistic threat models and are thus less useful in practice. In this paper, we propose a novel optimal stealthy attack formulation that considers different degrees of detectability and show that it bypasses state-of-the-art defenses. We further propose a new methodology based on normalization of objectives to evaluate different trade-offs between effectiveness and detectability. Finally, we develop a novel defense (BayesClean) against stealthy attacks. BayesClean improves on previous defenses when attacks are stealthy and the number of poisoning points is significant.
traditional_ml IBM Research Europe · Imperial College London · Universidad de Alcalá +2 more